From: Christoph Kukulies
Date: Mon, 15 Apr 2002 09:03:01 +0200 (CEST)
To: freebsd-security@freebsd.org
Subject: Limiting closed port RST response from 381 to 200 packets per second
Message-Id: <200204150703.g3F731k18347@gil.physik.rwth-aachen.de>

My machine often shows these logs on the console when I enter the office in the morning. Sometimes the machine even got unresponsive and I had to reboot (though I'm not sure whether this is the cause or I have some hardware flakiness). It looks like the machine is being attacked. Is there a way to trap the attacker?

Apr 12 10:32:24 host /kernel: Limiting closed port RST response from 336 to 200 packets per second
Apr 12 10:32:25 host /kernel: Limiting closed port RST response from 381 to 200 packets per second
Apr 12 10:32:26 host /kernel: Limiting closed port RST response from 355 to 200 packets per second
Apr 12 10:32:28 host /kernel: Limiting closed port RST response from 379 to 200 packets per second
Apr 12 10:32:29 host /kernel: Limiting closed port RST response from 385 to 200 packets per second
Apr 12 10:32:30 host /kernel: Limiting closed port RST response from 385 to 200 packets per second
Apr 12 10:32:31 host /kernel: Limiting closed port RST response from 325 to 200 packets per second
Apr 12 14:12:17 host /kernel: Limiting closed port RST response from 336 to 200 packets per second
Apr 12 14:12:18 host /kernel: Limiting closed port RST response from 383 to 200 packets per second
Apr 12 14:12:20 host /kernel: Limiting closed port RST response from 355 to 200 packets per second
Apr 12 14:12:21 host /kernel: Limiting closed port RST response from 381 to 200 packets per second
Apr 12 14:12:22 host /kernel: Limiting closed port RST response from 387 to 200 packets per second
Apr 12 14:12:24 host /kernel: Limiting closed port RST response from 381 to 200 packets per second
Apr 12 14:12:25 host /kernel: Limiting closed port RST response from 380 to 200 packets per second
Apr 12 14:12:26 host /kernel: Limiting closed port RST response from 383 to 200 packets per second
Apr 12 14:12:27 host /kernel: Limiting closed port RST response from 384 to 200 packets per second
Apr 12 14:12:29 host /kernel: Limiting closed port RST response from 385 to 200 packets per second
Apr 12 14:12:30 host /kernel: Limiting closed port RST response from 381 to 200 packets per second
Apr 12 14:12:31 host /kernel: Limiting closed port RST response from 380 to 200 packets per second
Apr 12 14:12:33 host /kernel: Limiting closed port RST response from 383 to 200 packets per second
Apr 12 14:12:34 host /kernel: Limiting closed port RST response from 384 to 200 packets per second
Apr 12 14:12:35 host /kernel: Limiting closed port RST response from 385 to 200 packets per second
Apr 12 14:12:36 host /kernel: Limiting closed port RST response from 381 to 200 packets per second
Apr 12 14:12:38 host /kernel: Limiting closed port RST response from 381 to 200 packets per second
Apr 12 14:12:39 host /kernel: Limiting closed port RST response from 386 to 200 packets per second
Apr 12 14:12:40 host /kernel: Limiting closed port RST response from 381 to 200 packets per second
Apr 12 14:12:42 host /kernel: Limiting closed port RST response from 382 to 200 packets per second
Apr 12 14:12:43 host /kernel: Limiting closed port RST response from 384 to 200 packets per second
Apr 12 14:12:44 host /kernel: Limiting closed port RST response from 381 to 200 packets per second
Apr 12 14:12:45 host /kernel: Limiting closed port RST response from 379 to 200 packets per second
Apr 12 14:12:47 host /kernel: Limiting closed port RST response from 384 to 200 packets per second
Apr 12 14:12:48 host /kernel: Limiting closed port RST response from 385 to 200 packets per second
Apr 12 14:12:49 host /kernel: Limiting closed port RST response from 383 to 200 packets per second
Apr 12 14:12:51 host /kernel: Limiting closed port RST response from 385 to 200 packets per second
Apr 12 14:12:52 host /kernel: Limiting closed port RST response from 381 to 200 packets per second
Apr 12 14:12:53 host /kernel: Limiting closed port RST response from 380 to 200 packets per second
Apr 12 14:12:54 host /kernel: Limiting closed port RST response from 383 to 200 packets per second
Apr 12 14:12:56 host /kernel: Limiting closed port RST response from 384 to 200 packets per second
Apr 12 14:12:57 host /kernel: Limiting closed port RST response from 231 to 200 packets per second
Apr 12 14:12:58 host /kernel: Limiting closed port RST response from 350 to 200 packets per second
Apr 12 14:13:00 host /kernel: Limiting closed port RST response from 352 to 200 packets per second
Apr 12 14:13:01 host /kernel: Limiting closed port RST response from 355 to 200 packets per second
Apr 12 14:13:02 host /kernel: Limiting closed port RST response from 384 to 200 packets per second
Apr 12 14:13:04 host /kernel: Limiting closed port RST response from 386 to 200 packets per second
Apr 12 14:13:05 host /kernel: Limiting closed port RST response from 381 to 200 packets per second
Apr 12 14:13:06 host /kernel: Limiting closed port RST response from 298 to 200 packets per second

--
Chris Christoph P. U. Kukulies kukulies@rwth-aachen.de
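
Added example, not part of the original post: a Python triage script that groups the kernel's "Limiting closed port RST response" messages into bursts and reports each burst's start, end, message count and peak rate, which helps correlate the floods with firewall or packet-capture data. The function names, the 5-second gap threshold and the default year are assumptions; the sample lines are the first nine from the log above.

```python
import re
from datetime import datetime, timedelta

# First nine lines of the log quoted in the post above.
SAMPLE_LOG = """\
Apr 12 10:32:24 host /kernel: Limiting closed port RST response from 336 to 200 packets per second
Apr 12 10:32:25 host /kernel: Limiting closed port RST response from 381 to 200 packets per second
Apr 12 10:32:26 host /kernel: Limiting closed port RST response from 355 to 200 packets per second
Apr 12 10:32:28 host /kernel: Limiting closed port RST response from 379 to 200 packets per second
Apr 12 10:32:29 host /kernel: Limiting closed port RST response from 385 to 200 packets per second
Apr 12 10:32:30 host /kernel: Limiting closed port RST response from 385 to 200 packets per second
Apr 12 10:32:31 host /kernel: Limiting closed port RST response from 325 to 200 packets per second
Apr 12 14:12:17 host /kernel: Limiting closed port RST response from 336 to 200 packets per second
Apr 12 14:12:18 host /kernel: Limiting closed port RST response from 383 to 200 packets per second
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ /kernel: Limiting closed port RST "
    r"response from (?P<seen>\d+) to (?P<limit>\d+) packets per second$"
)

def parse(log, year=2002):
    """Yield (timestamp, seen_pps, limit_pps) for each rate-limit message."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unrelated syslog line
        # syslog timestamps omit the year, so supply one (assumed) to build a datetime
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, int(m["seen"]), int(m["limit"])

def bursts(log, max_gap=timedelta(seconds=5)):
    """Group messages that are at most max_gap apart into one burst."""
    out = []
    for ts, seen, limit in parse(log):
        if out and ts - out[-1]["end"] <= max_gap:
            b = out[-1]
            b["end"] = ts
            b["messages"] += 1
            b["peak_pps"] = max(b["peak_pps"], seen)
        else:
            out.append({"start": ts, "end": ts, "messages": 1,
                        "peak_pps": seen, "limit_pps": limit})
    return out

if __name__ == "__main__":
    for b in bursts(SAMPLE_LOG):
        print(b["start"], b["end"], b["messages"], b["peak_pps"], b["limit_pps"])
```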